How-to Tutorials

Use OpenSSL to Create CSR, Private Key and Self-Signed Certificate

Create CSR and Private Key in One Command

The following is a single command you can use to create a Private Key and CSR (Certificate Signing Request). The words in bold should be replaced to match you the website you're creating the certificate for.

openssl req -nodes -out \
-newkey rsa:2048 -keyout \
-config <(
cat <<-EOF
default_bits = 2048
prompt = no
req_extensions = req_ext
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
ST=New York
L=New York
O=Linux Bucket
OU=Web Security
CN =

[ req_ext ]
subjectAltName = @san_names

[ san_names ]
DNS.1 =
DNS.2 =

Self-Sign Your Certificate in One Command

Once again replace the bold text to match your website. This certificate will be valid for 1 year.

openssl x509 \
       -signkey \
       -in \
       -req -days 365 -out

At this point you could use the .key and .crt to secure your domain. Of course you wouldn't want to use this on a public website as self-signed certificates are meant more for internal use. The reason is that with sefl-signed certificates your users will get certificate errors telling them that the certificate is not signed by a known authority like Verisign, etc.

Next Post

Previous Post

© 2023 linux bucket

All rights reserved